From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 97787 invoked by alias); 2 Oct 2015 17:01:46 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 97768 invoked by uid 89); 2 Oct 2015 17:01:46 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,SPF_HELO_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-Spam-User: qpsmtpd, 2 recipients X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Fri, 02 Oct 2015 17:01:45 +0000 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (Postfix) with ESMTPS id 95559C0A1615; Fri, 2 Oct 2015 17:01:43 +0000 (UTC) Received: from localhost (ovpn-116-138.ams2.redhat.com [10.36.116.138]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t92H1gHA014623; Fri, 2 Oct 2015 13:01:42 -0400 Date: Fri, 02 Oct 2015 17:01:00 -0000 From: Jonathan Wakely To: Martin Sebor Cc: Florian Weimer , libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org Subject: Re: [patch] libstdc++/67747 Allocate space for dirent::d_name Message-ID: <20151002170142.GU12094@redhat.com> References: <20150929113726.GU12094@redhat.com> <560E759E.2000005@redhat.com> <20151002123428.GP12094@redhat.com> <560EB776.2090504@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <560EB776.2090504@gmail.com> X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.5.23 (2014-03-12) X-SW-Source: 2015-10/txt/msg00255.txt.bz2 On 02/10/15 10:57 -0600, Martin Sebor wrote: >On 10/02/2015 06:34 AM, Jonathan Wakely wrote: >>On 02/10/15 14:16 +0200, Florian Weimer wrote: >>>On 09/29/2015 01:37 PM, Jonathan Wakely wrote: >>>>POSIX says that dirent::d_name has an unspecified length, so calls to >>>>readdir_r must pass a buffer with enough trailing space for >>>>{NAME_MAX}+1 characters. I wasn't doing that, which works OK on >>>>GNU/Linux and BSD where d_name is a large array, but fails on Solaris >>>>32-bit. >>>> >>>>This uses pathconf to get NAME_MAX and allocates a buffer. >>> >>>This still has a buffer overflow on certain file systems. >>> >>>You must not use readdir_r, it is deprecated and always insecure. We >>>should probably mark it as such in the glibc headers. >> >>OK, I'll just use readdir() then. The directory stream is private to >>the library type, so the only way to call readdir() concurrently on a >>single directory stream is to increment iterators concurrently, which >>is undefined anyway. >> >>So that will work as long as readdir() doesn't use a global static >>buffer shared between streams, i.e. it meets the POSIX requirement >>that "They shall not be affected by a call to readdir() on a different >>directory stream." I don't know if mingw meets that, but there is lots >>of work needed to make this stuff work in mingw. > >Readdir isn't required to be thread-safe (it may reference global >data) so calling it in multiple threads even with a different dirp >argument is undefined. A thread-unsafe implementation can meet the >POSIX requirement and still access global data but without locking. > >The Solaris implementation, for example, is explicitly documented >as thread unsafe. At this point I think I'm just going to disable the filesystem lib on Solaris!